Abstract

The standard symbolic, deducibility-based notions of secrecy are in
general insufficient from a cryptographic point of view, especially in
presence of hash functions. In this paper we devise and motivate a
more appropriate secrecy criterion which exactly captures a standard
cryptographic notion of secrecy for protocols involving public-key
enryption and hash functions: protocols that satisfy it are
computationally secure while any violation of our criterion directly
leads to an attack. Furthermore, we prove that our criterion is
decidable via an NP decision procedure. Our results hold for standard
security notions for encryption and hash functions modeled as random
oracles.